CVE-2022-26034

Name of the Vulnerable Software and Affected Versions CENTUM VP versions R6.01.10 through R6.09.00 CENTUM VP Small versions R6.01.10 through R6.09.00 CENTUM VP Basic versions R6.01.10 through R6.09.00 B/M9000 VP versions R8.01.01 through R8.03.01

Description The issue is related to an improper authentication vulnerability in the communication protocol provided by the AD server. This vulnerability may allow an attacker to use the functions provided by the AD server, potentially leading to data leakage or tampering. The vulnerability is associated with errors during the authentication procedure, which could enable a remote attacker to exploit the issue and utilize the functionality provided by the AD server.

Recommendations For CENTUM VP versions R6.01.10 through R6.09.00, update to a version outside of this range to mitigate the risk. For CENTUM VP Small versions R6.01.10 through R6.09.00, update to a version outside of this range to mitigate the risk. For CENTUM VP Basic versions R6.01.10 through R6.09.00, update to a version outside of this range to mitigate the risk. For B/M9000 VP versions R8.01.01 through R8.03.01, update to a version outside of this range to mitigate the risk. As a temporary workaround, consider restricting access to the AD server functionality until a patch is available.